Lucene search

[email protected]NVD:CVE-2024-31413

HistoryMay 01, 2024 - 1:15 p.m.

CVE-2024-31413

2024-05-0113:15:52

[email protected]

web.nvd.nist.gov

cx-one

sysmac studio

buffer vulnerability

arbitrary code execution

5.9 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Free of pointer not at start of buffer vulnerability exists in CX-One CX-One CXONE-AL[][]D-V4 (The version which was installed with a DVD ver. 4.61.1 or lower, and was updated through CX-One V4 auto update in January 2024 or prior) and Sysmac Studio SYSMAC-SE2[][][] (The version which was installed with a DVD ver. 1.56 or lower, and was updated through Sysmac Studio V1 auto update in January 2024 or prior). Opening a specially crafted project file may lead to arbitrary code execution.

References

jvn.jp/en/vu/JVNVU98274902/

www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-002_en.pdf

5.9 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for NVD:CVE-2024-31413

cvelist1 cve1